From daa2201455c935459f3ee9e87e28eae061bd9471 Mon Sep 17 00:00:00 2001
From: Josh Eckels <jeckels@labkey.com>
Date: Tue, 3 Sep 2024 14:26:14 -0700
Subject: [PATCH] Issue 51098: Update embedded Tomcat HTTP access logging to
 capture true client IP (#872)

---
 server/configs/application.properties                     | 8 ++++----
 server/embedded/src/org/labkey/embedded/LabKeyServer.java | 8 ++++++--
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/server/configs/application.properties b/server/configs/application.properties
index bf8388b11f..531e4b8b5a 100644
--- a/server/configs/application.properties
+++ b/server/configs/application.properties
@@ -121,7 +121,7 @@ management.server.port=@@shutdownPort@@
 
 ## Optional configuration, modeled on the non-JSON Spring Boot properties
 ## https://docs.spring.io/spring-boot/docs/current/reference/html/application-properties.html#application-properties.server.server.tomcat.accesslog.buffered
-#jsonaccesslog.pattern=%h %t %m %U %s %b %D %S "%{Referer}i" "%{User-Agent}i" %{LABKEY.username}s
+#jsonaccesslog.pattern=%h %t %m %U %s %b %D %S "%{Referer}i" "%{User-Agent}i" %{LABKEY.username}s %{X-Forwarded-For}i
 #jsonaccesslog.condition-if=attributeName
 #jsonaccesslog.condition-unless=attributeName
 
@@ -174,6 +174,6 @@ csp.report=\
 ## Use a custom logging configuration
 #logging.config=path/to/alternative/log4j2.xml
 
-## Enable tomcat access log
-server.tomcat.accesslog.enabled=true
-server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %S %I "%{Referrer}i" "%{User-Agent}i" %{LABKEY.username}s
+## File-based Tomcat HTTP access logs are enabled by default and use our recommended pattern. Override as needed.
+#server.tomcat.accesslog.enabled=false
+#server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b %D %S %I "%{Referrer}i" "%{User-Agent}i" %{LABKEY.username}s %{X-Forwarded-For}i
diff --git a/server/embedded/src/org/labkey/embedded/LabKeyServer.java b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
index 4450e358dc..952195f69d 100644
--- a/server/embedded/src/org/labkey/embedded/LabKeyServer.java
+++ b/server/embedded/src/org/labkey/embedded/LabKeyServer.java
@@ -72,8 +72,12 @@ public static void main(String[] args)
                 "server.tomcat.accesslog.directory", logHome,
 
                 // Enable HTTP compression for response content
-                "server.compression.enabled", "true"
-                ));
+                "server.compression.enabled", "true",
+
+                "server.tomcat.accesslog.enabled", "true",
+                "server.tomcat.accesslog.pattern", "%h %l %u %t \"%r\" %s %b %D %S %I \"%{Referrer}i\" \"%{User-Agent}i\" %{LABKEY.username}s %{X-Forwarded-For}i",
+                "jsonaccesslog.pattern", "%h %t %m %U %s %b %D %S \"%{Referer}i\" \"%{User-Agent}i\" %{LABKEY.username}s %{X-Forwarded-For}i"
+        ));
         application.setBannerMode(Banner.Mode.OFF);
         application.run(args);
     }